sign in sign up
<<
Home , Ryuk (ransomware)

“Useful Technology Ideas for Your Business” What’s Inside: NJ County and City Hit by Ryuk NJ County and City Hit by Ryuk Attacks Ransomware Attacks On November 9 and November 12, the computer systems of ...... …...... Page 1 Union County and the city of Dover, respectively, were both targeted by a ransomware infection. Details in either case are still What our clients are limited at this time, however, the attacks affected the internal networks of both governments to some degree before service was saying ...... Page 1 restored. The public agencies were able to regulate the damage with external help from IT service firms. Creating a Sense of Shared Cybersecurity Union County and Dover, Morris County, NJ Cyberattacks The first attack occurred on a Saturday, so the Dover municipal ...... Page 2 government was not aware of the infection until the following Tuesday – the same day Union County’s network was hit, though they were able to respond to the incident much more quickly Survey chance to win a gift as it happened on a weekday. Both experienced a slowdown in their internal email servers, card! ...... Page 2 while the latter also saw some website assets affected. Statements from both governments claim that no data was lost and most services have been restored as of this writing.

Shiny gadget of the month Hundreds of Cities Infected with Ransomware ...... Page 3 These cyber incidents follow a rapidly growing trend of public institutions being targeted by ransomware attacks. Hospitals, police departments and now municipal and state agencies are increasingly victimized by infections that encrypt databases and demand a payment to States Impose Greater Data unlock those files. Baltimore, Philadelphia, and several cities throughout New Jersey are only a Privacy Standards few of the many that have been assailed by malware infections...... Page 3 These developments have not gone unnoticed and have been addressed at multiple levels of government. However, despite the efforts by local and federal agencies, ransomware continues TRIVIA ...... Page 3 to affect cities, states and private businesses across the country. This is because hackers know what techniques to use against overextended networks like those of public institutions and Services we offer……...... Page 4 SMBs, including social engineering and exploiting popular applications like the Office 365 suite.

Tips for staying safe this holiday season Continued on page 2...... Page 4 What our clients are saying: Pee Jay's Fresh Fruit “SWK’s response time has been great. There have been many times we've submitted an email with an issue and received a call back within 5 minutes. Very impressive!

Shay always goes above and beyond. Earlier this year we had an email issue with an outside vendor, and he got involved - even contacted the outside vendor himself - and made sure to stay on top of the situation. When I put it on the back burner, he still was working on it and even though it was not a quick fix, he helped resolve it!

Our biggest benefit by working with SWK is that we have confidence that if any IT issues arise, they will be dealt with quickly. If it's not a quick fix, it will be thoroughly examined and diligently worked on until it's completed.”

Anthony D'Agostino Pee Jay's Fresh Fruit

Get More Free Tips, Tools, and Services on Our Website: www.swknetworkservices.com Page 2

NJ County and City Hit by Ryuk Ransomware AreTwo You STILL ways Using Outdated to Attacks WINTape Backups? a gift Continued from page 1… If your computer network and the data it holds got erasedcard! or corrupted because of a What is Ryuk and Why You Should Be Worried About It virus, hard drive crash, fire, flood or some Another worrying trend among many recent ransomware attacks – including the majority of reported otherIt only random, takes unforeseen a minute disaster, and howYOU incidents in NJ – is that the same type of malware was used in most cases: Ryuk. The profile of Ryuk confidentcould are be you our RIGHT next winner! NOW that makes it a huge concern, as researchers note that it is deployed almost exclusively for targeted attacks your business could be back up and with critical files encrypted and larger ransoms demanded. Additionally (or perhaps, appropriately), this type of ransomware can be employed through several different methods and channels, and can delete all running again FAST? evidence of its presence. Last Month’s If your answer to that is, “I don’t know,” This last factor reinforces the theory that many of the latest malware samples have something in common. or “I’mContest not sure,” you Winner: are taking a HUGE It could mean that cybercriminals are copying each other, though it could also mean that they are actively risk with yourCindy company’s Daley most important sharing data and methodologies or that it could even be the same group carrying out all of these attacks. asset—the data on your network. Just The nature of the Dark Web makes it difficult, though not impossible, to consistently track down culprits. imagineFriendly what would Planet happen Travel to your NJ is a Prime Target business if you lost your entire client Of the now eight reported ransomware attacks in NJ, Ryuk was used in three – along with the Dover and Pleasedatabase… complete our brief survey in Union County attacks, the Cherry Hill School District was also a victim of a breach by the same malware type. Besides these examples, all but the attack against Newark – which was hit by the similar SamSam order…Lost to all be accounting placed in documentation the running andto virus - were attributed to unknown actors. The reality is that many (if not most) departments and winhistory…Lost this month's all the gift work card files prize! you’ve businesses in New Jersey and nearby metropolitan areas do not disclose when they are hacked. spent YEARS developing…Lost the work Ryuk has largely replaced SamSam as the ransomware of choice, but given the similar tactics between 1.files What and documentation do you like youmost so desperatelyabout the two, the former’s rise was likely enabled by the lack of actionable information on the latter. This need to service your customers… leads to victims falling for the same scams as those before them, as the data, knowledge and experience our services? needed to spot infection vectors and respond to locked files is lacking. Can you even put a price tag on it? 2.Probably Tell us not about –yet so a manyspecific business Learn How to Defend Against Ransomware owners aren’t 100% certain that they could SWK Technologies has firsthand experience with helping clients deal with ransomware (see how we experiencebe back up and with running us thatafter a you disaster were and helped Continental Food and Beverage, distributors of Inca Kola, save their files). We can provide you with tools and expertise to help you combat this growing threat and prepare your business to defend your happyare purely with. hoping that their current tape network against malware infections. drive or backup is working and storing a usable copy of their data. Download our free Business Guide to Ransomware ebook to learn more about what to expect and you 3. What are the biggest benefits can begin protecting yourself against what’s out there. you’Tapeve received Drives Areor experienced The MOST sinceUnreliable, hiring us? Unsecured Way To Back Up Your Data Creating a Sense of Shared Cybersecurity

4. What can we improve? In cybersecurity, people are your weakest link and your best defense – you have probably heard us say this more than once. All tape drives fail; it’s only a matter of Just as your business cannot run without people, neither can you . Any cybersecurity plan is twofold, in “when,” not “if.” So if being able to get that you must prevent employees from exposing you to cyber risks while empowering them to detect and respond to Email Jon Stiles potential threats. back up and running again in the event of ([email protected])a data-erasing disaster is important, then with Creating and enforcing a security culture takes work, but is increasingly necessary. A majority of SMBs have been targeted you need to know about our <>. OR network security.

Fill out our online form: Here are a few steps that will help you establish a shared sense of cybersecurity in your business: <

takes a snapshot of your entire network Data protection best practices range from basic solutions like password security education, to implementing multi-factor throughoutYou the could day, giving win you the a and other services that add an extra layer of security for your network users. These procedures reinforce for confidence we could have you back up and users both the importance of their individual practices, AND the sensitive nature of the data their credentials unlock. $25 Gift Card! running again within HOURS, not days or Cloud Networks and Real-time Access weeks.>> Most devices and applications are moving towards some level of cloud capability – if you are using Office 365 on your desktop or a Verizon smartphone, then your data is already exposed to the cloud. User security only becomes that much more important when using digital platforms, and is inherently an exercise in shared cybersecurity. However, just as with Want to know if your data is every Internet advancement since the 90’s, cloud security just requires extra vigilance until the added steps become second REALLY secure and being backed up nature for system users.

properly? Call us for a FREE Data This, of course, requires that you actually educate your employees on what NOT to do – and what might happen if they do Backup and Disaster Recovery Audit Call it anyway. This includes all levels of your company, as managers and executives are often the biggest targets to exploit for human error. Remind your users that they are not just accessing hardware whenever they press a key or touch a screen, but us at xxx-xxx-xxxx or go online to a communications node connected to dozens, hundreds or thousands of other endpoints. www.insertyoururl.com/backup Continued on page 4...

Get More Free Tips, Tools, and Services on Our Website: www.swknetworkservices.com Page 3

Shiny gadget of the States Impose Greater Data Privacy Standards month: New York and California recently passed expanded data privacy Sonos Move Portable regulations that some observers say move the US closer to the breach reporting standards the GDPR brought to the European Union. Though it Speaker remains to be seen whether this approach actually spreads to other states, it does reflect the increasingly popular opinion of both experts and the general public that more data custody laws are required.

A recent article in the Harvard Business Review goes a step further and calls for a globally accepted standard of breach reporting. As the authors point out, countries besides the USA have already adopted more comprehensive, collaborative and universal disclosure obligations which enable organizations to share relevant data on cyber attacks. With these precedents having been established, it seems inevitable that some type of universal reporting standard will be passed in the near future.

Here are the most important to know about the new regulations and how they may affect your business:

California Consumers Privacy Act (CCPA) - American GDPR? The CCPA was passed in 2018, but compliance and enforcement does not go into effect until January 2020. With stricter boundaries for personal data usage and steeper fines for violating consumer privacy under these Sonos, who has been regarded as one of the top terms, it has been compared to the EU’s General Data Protection Regulation in purpose and scope. In the latter case, given the size of California and its economy, its impact is expected to extend well past state lines with speaker producers announced this year a first for remote sellers and residents increasing dependent on interstate commerce. them… a portable speaker. While obviously the concept of a portable speaker is nothing new Sonos New York SHIELD Act Earlier this year the Stop Hacks and Improve Electronic Data Security Handling Act (SHIELD Act) was passed had never created one. to improve data security for consumers due to the increased number of cyberattacks going on in the country. For companies that maintain or process New York residents’ personal information (PI) they will need to comply They call it, Sonos Move, and it packs many of the with the new changes. Three new categories of data security and breach notification requirements were features that other high end portable speakers have introduced: • Financial account and payment card numbers that “could be used to access an individual’s financial like being weather resistant, high quality sound, and account without additional identifying information, security code, access code, or password” shock resistant, but they’ve also added some new • Biometric information, “meaning data generated by electronic measurements of an individual’s unique features. The most notable is the tweak they did to physical characteristics” their Trueplay calibration system that allows the • A “user name or email address in combination with a password or security question and answer that speaker to automatically calibrate for the best possible would permit access to an online account.” The goal is to broaden what is considered Private Information within New York’s general business law and sound. It was demoed at a preview event by placing it state technology law. These increased reporting requirements will go into effect on March 21, 2020. on a bookshelf (one of the worst spots for it due to the In order to meet these requirements companies will have to evaluate their data security programs to determine if reverberations of the space) and after a few seconds it they will need to increase the level of security going forward. adjusted to compensate for the echoes. Most Americans Want More Data Protection Regulations 75 percent of American respondents told a Pew research group that they want to see the federal government do The battery is supposed to last 10 hours on a charge more to protect their data - specifically from businesses. Almost 80 percent said they have no confidence “… and can easily be kept charged by placing on its companies will take responsibility when they misuse consumer data.” The report makes clear three things: US citizens do not trust commercial interests with personal information, they feel no control over their personal wireless ring base. Setup is simple and consists of just information, and they believe that laws should be passed that puts that control back in their hands. plugging in the device, downloading the app, and linking it up with the speaker. It also comes with While some of the most flagrant abuses of customer data have been penalized, many have criticized the government – including voices within the government – saying that it has not been enough. This is exactly why Google Assistant and Amazon Alexa built right in so states like California and New York have begun passing their own data privacy laws, and given the influence you have your voice assistants ready to go without an both these examples have on the national and international economies, the standards they apply are likely to extra connection to a device being required. spread.

Get Ahead of Compliance with Data Security Best Practice These features seem like they could be great for Growing popular favor means that a comprehensive federal data privacy regulation is bound to appear sooner anyone who enjoys their music (and who doesn’t), rather than later. As new laws and regulations for compliance are introduced to protect user data the task can especially if they already have Sonos speakers in their become more and more daunting for SMBs. Don’t let compliance needs become an added stress to your business. For starters you can read our Cybersecurity Tips eBook and for more in-depth answers you can home because it will connect right in with the rest of contact us to learn about the options you have to be protected and make sure you have your compliance needs their Sonos sound system. Even if they don’t, having fulfilled. a top of the line speaker that is portable brings it own advantages. Now you can bring your tunes outside, follow you around to any room in your home, out to a tailgate, or even to the beach. Gift Card Trivia! This month’s question is: The only real drawback for some might be the price which comes in at $399. Though for anyone who is According to the survey in the article revealed that nearly ____% of Americans have either fallen victim or familiar with high end speakers this is not extreme. It know someone who has fallen victim to robocalling in 2019. (Hint: The answer is in this newsletter.) certainly seems like a really cool gadget for the a. 48% holidays and the AI audio calibration is intriguing. b. 24% You can find out more on their site www.sonos.com/ c. 74% en-us/shop/move.html. What do you think of Sonos’ d. 35% latest speaker? Please email Jon Stiles ([email protected]) with your answer by December 31st, in order to be placed in the running for this month's gift card prize!

Get More Free Tips, Tools, and Services on Our Website: www.swknetworkservices.com Page 4

We can help you with: Contact us Give us a call for more information • Complete network management and support about our services and products. • Troubleshooting and problem solving on all PCs and Macs • Cloud services and virtualization SWK Technologies, Inc. • Hardware installation and support South Jersey 650 Grove Road, Suite 106 • Virus / removal and West Deptford, NJ 08066 protection • Security solutions North Jersey • 120 Eagle Rock Ave., Suite 330 Employee awareness training East Hanover, NJ 07936 • VPN (Virtual Private Networks) • Remote access / Mobile computing Phone: 856.956.5800 • Server installations and upgrades Fax: 856.845.6466 • Spam filtering Visit us on the web at • Hosted email www.swknetworkservices.com • Web content filtering • System backups, on-site and off-site • Help desk

Creating a Sense of Shared Tips for staying safe this holiday season Cybersecurity

Continued from page 2… In November, McAfee a cybersecurity company, released their findings from a recent survey focused on holiday scams. The survey revealed that nearly half (48%) of Americans Cyber Risk Assessment and Employee Cybersecurity Training have either fallen victim or know someone who has fallen victim to robocalling in 2019. As everything above shows, training is the first on most lists of The use of robocalling has grown in recent years and this statistic makes it one to watch out cybersecurity strategies, but you cannot force everyone in your business for this holiday season. This is not the only scam to look out for though. Email to become an IT expert. Besides the sheer amount of instruction needed to and text phishing (41% and 35% respectively) are still popular methods being used by turn every amateur into a security specialist, cyber stress can cause as hackers. much damage as a data breach (because it can lead to one anyway). Any user security improvement plan should be conceptualized and deployed While these scams may not be multi-million dollar breaches you read about in the news according to a risk-based approach. 74% said that they lost more than $100 and 30% lost more than $500. With a growing number of stolen credentials being made available for cybercriminals to purchase on the dark web it only increases the likelihood that these numbers will increase this year. The Assessing cyber risk includes reviewing where you may be vulnerable troubling fact is that while many people may be aware of the threat over the holidays, they (ERP software, industrial systems, business application suites, etc.), and won’t actually do anything about it to protect themselves. calculating the number of endpoints and users that may be exposed in those areas. From here, you can The Cybersecurity and Infrastructure Security Agency (CISA) issued a statement and design and schedule training encourages users to be aware of potential holiday scams and malicious cyber campaigns, programs by business unit, with particularly when browsing or shopping online. Cyber actors may send emails and ecards content based on role and credential containing malicious links or attachments infected with malware or may send spoofed access to critical systems. Most emails requesting support for fraudulent charities or causes. importantly, you can help your employees understand how their CISA encourages users to remain vigilant and take the following precautions: security approach affects their • Avoid clicking on links in unsolicited emails and be wary of email attachments personal lives as well – and how (see Using Caution with Email Attachments and Avoiding Social Engineering and improving practices at work secures Phishing Scams). their devices at home as well. • Use caution when shopping online (see Shopping Safely Online). • Verify a charity’s authenticity before making donations. Review the Federal Trade Get Your Employees the Tools to Protect Your Business Commission's page on Charity Scams for more information. There is no avoiding the fact that SMBs these days require a culture of cybersecurity, but ensuring that your employees understand their part In addition to these precautions we recommend: means providing the tools that allow them to do so. SWK has the • Never reusing passwords and always using a strong password (capital letters, resources available to help you teach your people how to protect numbers, symbols all mixed in). themselves and your business from all threats. • If you get an email from someone you know that appears suspicious always check with them before acting on anything the email requests. Download the Cybersecurity Toolkit for SMBs e-book to learn how to • Using two-factor authentication when possible create a culture of shared network security for your business. software and the other for entertainment. The holiday season is meant to be spent together with loved ones, not dealing with the stress of recovering from a hacker. Keep these tips in mind this holiday season for a safe and happy end of the year. Remember, if you are ever suspicious of anything you can always reach out to the SWK team for help, or if you are looking for more ways to protect you and your employees, contact us to learn about the solutions we have that will help.